<?PHP	//header
include('config/config.php');
include('php/header.php');
require "php/functions.php";
?>        

<?PHP	//Connect to database
	// Open the page-wide database link with the legacy mysql extension
	// (removed in PHP 7.0). Any failure stops the page with a fixed message.
	$conn = mysql_connect(
		$cfg["connection"]["host"],
		$cfg["connection"]["userName"],
		$cfg["connection"]["password"]
	);
	if (!$conn) {
		die ('Error Cannot Connect to MySQL');
	}
	// Disabled draft of a mysqli connection, kept from the original as the intended
	// route to prepared statements (the legacy mysql extension has none).
	//$mysqli = new mysqli($cfg["connection"]["host"], $cfg["connection"]["userName"], $cfg["connection"]["password"], $cfg["connection"]["database"]);
	// '@' suppresses the PHP warning, so the die() text is the only failure signal.
	if (!@mysql_select_db($cfg["connection"]["database"])) {
		die( "Unable to select database");
	}
?>



<h2>Shop Creation</h2> 
		<?PHP
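			// Handle a submitted "add shop" form: validate the three fields, then insert
			// one row into the shop-location table and report the outcome.
			if (checkSet_FormAddShop()) {
				if (sanityCheck($_POST['shopname'], 'string', 32) && sanityCheck($_POST['loc'], 'string', 32) && sanityCheck($_POST['add'], 'string', 50))
				{
					// Raw submitted values: they are bound as parameters below, so they must
					// not be escaped first (escaping would store the backslashes).
					$shopname = $_POST['shopname'];
					$location = $_POST['loc'];
					$address = $_POST['add'];

					// Table name comes from the site configuration, not from the request;
					// identifiers cannot be bound as parameters, so it is interpolated.
					$tbl_name = $cfg["tbl"]["shopLocation"];

					// The previous code interpolated escaped values into VALUES(...) without
					// quotes; string escaping only protects inside a quoted literal. A prepared
					// statement removes the dependence on escaping altogether. The page-wide
					// link uses the legacy mysql extension, which has no prepared statements,
					// so a mysqli connection is opened here with the same settings.
					$dbError = null;
					$mysqli = new mysqli($cfg["connection"]["host"], $cfg["connection"]["userName"], $cfg["connection"]["password"], $cfg["connection"]["database"]);
					if ($mysqli->connect_errno) {
						$dbError = $mysqli->connect_error;
					} else {
						$stmt = $mysqli->prepare("INSERT INTO $tbl_name (shopId, location, address) VALUES (?, ?, ?)");
						if (!$stmt) {
							$dbError = $mysqli->error;
						} else {
							$stmt->bind_param("sss", $shopname, $location, $address);
							if (!$stmt->execute()) {
								// Read the error before close(); it is not available afterwards.
								$dbError = $stmt->error;
							}
							$stmt->close();
						}
						$mysqli->close();
					}
					$result = ($dbError === null);

					if ($result) {
						echo("<div class=\"valid_box\">New Shop Successfully Mounted into Function</div>");
					} else {
						// Driver messages can repeat submitted values (e.g. a duplicate-key
						// error), so they are HTML-escaped before being written to the page.
						// NOTE(review): the message still reveals schema details to the visitor;
						// consider logging it server-side and showing a generic failure text.
						echo("<div class=\"error_box\">Shop Creation Failed: ".htmlspecialchars($dbError, ENT_QUOTES)."</div>");
					}
				}
				else echo("<div class=\"error_box\">Shop Creation Failed: "."Form is NOT properly filled - Sanity Check</div>");
			}
			else echo("<div class=\"warning_box\">Fill in the Form and Press \"Submit\" </div>");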
		?>
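         <?PHP
         /*
          * Shop creation form; posts back to this same page.
          *
          * - action is left empty so the browser submits to the current URL. The
          *   previous value evaluated an undefined variable and printed nothing
          *   (or a PHP notice inside the attribute when display_errors is on).
          *   Echoing the request path here instead would need HTML escaping.
          * - maxlength mirrors the server-side sanityCheck limits (32 / 32 / 50);
          *   it is a convenience only, the server check remains authoritative.
          * - each label now points at the id of its own input.
          * - NOTE(review): the form carries no anti-CSRF token and none is checked
          *   in the visible handler; adding one needs session support that is not
          *   visible in this file.
          */
         ?>
         <div class="form">
         <form action="" method="post" id="ShopAdding" class="niceform">
                <fieldset>
                    <dl>
                        <dt><label for="shopname">Shop ID:</label></dt>
                        <dd><input type="text" name="shopname" id="shopname" size="54" maxlength="32" /></dd>
                    </dl>
                    <dl>
                        <dt><label for="loc">Location:</label></dt>
                        <dd><input type="text" name="loc" id="loc" size="54" maxlength="32" /></dd>
                    </dl>
                    <dl>
                        <dt><label for="add">Address:</label></dt>
                        <dd><input type="text" name="add" id="add" size="54" maxlength="50" /></dd>
                    </dl>
                    <dl>
                        <dt><label></label></dt>
                        <dd>
                            <input type="checkbox" name="interests[]" id="" value="" checked /><label class="check_label">I agree to the <a href="#">terms &amp; conditions</a></label>
                        </dd>
                    </dl>
                    
                     <dl class="submit">
                    <input type="submit" name="submit" id="submit" value="Submit" />
                     </dl>  
                </fieldset>       
         </form>
         </div>  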

<div class="pagination">
<?PHP	//footer
include('php/footer.php');
?>